Many telecommunication management applications need to decode data packets efficiently. For example, many modern switched telecommunications systems (in particular, modern Public Switched Telephone Networks (PSTNs) and Public Land Mobile Networks (PLMNs)) are formed by two related but separate network infrastructures: a bearer or transmission network for carrying end-user voice and data traffic, and a signalling network for controlling the setup and release of bearer channels through the bearer network in accordance with control signals transferred through the signalling network (sometimes known as out-of-band signalling). Such signalling traffic needs to be monitored for billing and fraud detection purposes. In some cases, a system monitoring for “denial of service” attacks may need to perform a packet inspection to detect the signature of an attack. In other cases, an Operation Support System (OSS) monitoring Service Level Agreements (SLAs) needs to distinguish between different packet flows. A network analyzer probing for erroneous behaviour may need to examine, in detail, selected packets. An OSPF (Open-Shortest-Path-First) based topology discovery component may need to examine specific routing information within packets.
The packets flowing through the network may be formatted according to a number of different protocols. Each packet is formed of a sequence of bits, the sequence being divided into fields. In some protocols the fields may be further divided in a hierarchical fashion into sub-fields. In this regard, although the term “field” will be used hereinafter, it will be appreciated that it is intended to include “subfields” within this term. In order to monitor the packets, the packets must be decoded, at least to ascertain their hierarchical structure, with the decoding being dependent on the particular protocol in which the packet has been formatted. Each protocol is defined by a protocol specification, which is, of course, known. Thus, in order to decode packets on the network, a decoder is provided that decodes packets formatted in one or more particular protocols of interest, the decoding operation being specified based on the protocol specifications of the protocols of interest. Of course, if all the possible protocol specifications are known, a single (very complicated) decoder may be provided to decode all the packets. Usually, however, decoders are provided just for particular protocols of interest. In order to implement the decoder, the operations necessary for the decoding are derived from the protocol specification. These operations can be compiled manually, or by using a specialized protocol compiler for those cases where the protocol is specified formally. It will be apparent that if tens, or even hundreds, of different protocol specifications have to be supported, it can be quite complicated to produce the decoder.
In general, after the decoder has decoded the packets, the decoded data from the packets is provided to an application processor to carry out data processing on the data. It will be appreciated, however, that if, for example, the application processor only needs to carry out processing on a small proportion of the data, i.e. the data from only a few fields from only packets of a particular protocol, then decoding of the whole of all of the packets prior to the application processing is highly inefficient. In some limited cases, it has been known to “transfer” some of the application processing to the decoder so that the appropriate processing might be carried out on particular fields as soon as they have been decoded, but even with this technique the whole of each of the packets is still decoded at some point.
The post-processing approach, where operations are executed after the entire packet has been decoded, is often inefficient. A packet decoder might only require access to a small number of fields within the packet, and the work required to decode the other fields can be viewed as wasted effort. Furthermore, the packet decoder may often perform additional checks on the packet to assess its suitability for further processing. It is preferable to execute such code as early as possible to allow the packet decoder to reject packets that are of no interest. Unfortunately the post-processing approach is typically all that is available when some protocol compilers are used, for example a traditional ASN. 1 compiler. This inefficiency can be offset to some extent using filtering, i.e. performing a pre-processing pass to “weed out” at least some of the packets for which there is no interest. Nevertheless, for a complex protocol a lot more work may still need to be performed than is really necessary.
Therefore, what is required is an efficient method of enabling a packet decoder to decode packets at high speed, but that also uses a protocol specification-driven approach to the development of the packet decoder. More specifically, it would be desirable for the packet decoder to determine which fields are required, directly or indirectly, by the user application.